EC3773 Advanced Network Traffic Analysis (Short Course)

The Advanced Network Traffic Analysis short course equips students with an in-depth understanding of the tools and techniques necessary for gaining deep insight through macro and statistical analysis of network flows. Statistical analysis methods will be introduced and applied to metadata associated with network flows. Flow record and Intrusion Detection/Prevention systems will be discussed and compared. Students will be well versed in the use of the ELK stack NetFlow module, tcpflow, NetworkMiner, Snort, Argus tools and nfdump. This is a 5-day short course.

Prerequisite

EC3772 or permission of the Instructor.

Lecture Hours

1

Lab Hours

0.5

Course Learning Outcomes

  • Demonstrate how to find the top causes of network performance problems through expert system analysis
  • Employ statistical tools to measure live traffic
  • Describe the concepts of macro flow analysis by identifying the similarities and differences between its approaches
  • Distinguish between flow content analysis and statistical flow analysis
  • Be familiar with flow content analysis tools such as foremost, NetworkMiner and tcpxtract
  • Be familiar with visual macro analysis tools such as ORA and recognize characteristic patterns of malicious traffic
  • Describe the concepts of software-defined networking and the OpenFlow protocol by drawing a multi-layered network topology
  • Be familiar with various types of VoIP signaling
  • Be able to reconstruct VoIP flows
  • Demonstrate an understanding of the architecture of flow record collection systems by designing a system given user constraints
  • Use flow record analysis tools such as nfdump and Argus tools to identify anomalous traffic
  • Describe the concepts in statistical traffic analysis and self-similarity through probabilistic expressions
  • Describe fundamental concepts in Intrusion Detection and Prevention Systems by providing examples for each
  • Program Snort rules and interpret Snort alerts
  • Recognize communication characteristics of Advanced Persistent Threats (APT)